Halting the Hacker - A Practical Guide to Computer Security

home *** CD-ROM | disk | FTP | other *** search

/ Halting the Hacker - A P…uide to Computer Security / Halting the Hacker - A Practical Guide to Computer Security.iso / rfc / rfc998.txt < prev next >

Wrap

Text File | 1997-04-01 | 56KB | 1,238 lines

Network Working Group David D. Clark Request for Comments: 998 Mark L. Lambert Obsoletes: RFC 969 Lixia Zhang MIT March 1987 NETBLT: A Bulk Data Transfer Protocol 1. Status This document is a description of, and a specification for, the NETBLT protocol. It is a revision of the specification published in NIC RFC-969. The protocol has been revised after extensive research into NETBLT's performance over long-delay, high-bandwidth satellite channels. Most of the changes in the protocol specification have to do with the computation and use of data timers in a multiple buffering data transfer model. This document is published for discussion and comment, and does not constitute a standard. The proposal may change and certain parts of the protocol have not yet been specified; implementation of this document is therefore not advised. 2. Introduction NETBLT (NETwork BLock Transfer) is a transport level protocol intended for the rapid transfer of a large quantity of data between computers. It provides a transfer that is reliable and flow controlled, and is designed to provide maximum throughput over a wide variety of networks. Although NETBLT currently runs on top of the Internet Protocol (IP), it should be able to operate on top of any datagram protocol similar in function to IP. NETBLT's motivation is to achieve higher throughput than other protocols might offer. The protocol achieves this goal by trying to minimize the effect of several network-related problems: network congestion, delays over satellite links, and packet loss. Its transmission rate-control algorithms deal well with network congestion; its multiple-buffering capability allows high throughput over long-delay satellite channels, and its various timeout/retransmit algorithms minimize the effect of packet loss during a transfer. Most importantly, NETBLT's features give it good performance over long-delay channels without impairing performance over high-speed LANs. Clark, Lambert, & Zhang [Page 1] RFC 998 March 1987 The protocol works by opening a connection between two "clients" (the "sender" and the "receiver"), transferring the data in a series of large data aggregates called "buffers", and then closing the connection. Because the amount of data to be transferred can be very large, the client is not required to provide at once all the data to the protocol module. Instead, the data is provided by the client in buffers. The NETBLT layer transfers each buffer as a sequence of packets; since each buffer is composed of a large number of packets, the per-buffer interaction between NETBLT and its client is far more efficient than a per-packet interaction would be. In its simplest form, a NETBLT transfer works as follows: the sending client loads a buffer of data and calls down to the NETBLT layer to transfer it. The NETBLT layer breaks the buffer up into packets and sends these packets across the network in Internet datagrams. The receiving NETBLT layer loads these packets into a matching buffer provided by the receiving client. When the last packet in the buffer has arrived, the receiving NETBLT checks to see that all packets in that buffer have been correctly received. If some packets are missing, the receiving NETBLT requests that they be resent. When the buffer has been completely transmitted, the receiving client is notified by its NETBLT layer. The receiving client disposes of the buffer and provides a new buffer to receive more data. The receiving NETBLT notifies the sender that the new buffer is ready, and the sender prepares and sends the next buffer in the same manner. This continues until all the data has been sent; at that time the sender notifies the receiver that the transmission has been completed. The connection is then closed. As described above, the NETBLT protocol is "lock-step". Action halts after a buffer is transmitted, and begins again after confirmation is received from the receiver of data. NETBLT provides for multiple buffering, a transfer model in which the sending NETBLT can transmit new buffers while earlier buffers are waiting for confirmation from the receiving NETBLT. Multiple buffering makes packet flow essentially continuous and markedly improves performance. The remainder of this document describes NETBLT in detail. The next sections describe the philosophy behind a number of protocol features: packetization, flow control, transfer reliability, and connection management. The final sections describe NETBLT's packet formats. 3. Buffers and Packets NETBLT is designed to permit transfer of a very large amounts of data between two clients. During connection setup the sending NETBLT can inform the receiving NETBLT of the transfer size; the maximum transfer length is 2**32 bytes. This limit should permit any practical application. The transfer size parameter is for the use of the receiving client; the receiving NETBLT makes no use of it. A Clark, Lambert, & Zhang [Page 2] RFC 998 March 1987 NETBLT receiver accepts data until told by the sender that the transfer is complete. The data to be sent must be broken up into buffers by the client. Each buffer must be the same size, save for the last buffer. During connection setup, the sending and receiving NETBLTs negotiate the buffer size, based on limits provided by the clients. Buffer sizes are in bytes only; the client is responsible for placing data in buffers on byte boundaries. NETBLT has been designed and should be implemented to work with buffers of any size. The only fundamental limitation on buffer size should be the amount of memory available to the client. Buffers should be as large as possible since this minimizes the number of buffer transmissions and therefore improves performance. NETBLT is designed to require a minimum amount of memory, allowing the client to allocate as much memory as possible for buffer storage. In particular, NETBLT does not keep buffer copies for retransmission purposes. Instead, data to be retransmitted is recopied directly from the client buffer. This means that the client cannot release buffer storage piece by piece as the buffer is sent, but this has not been a problem in preliminary NETBLT implementations. Buffers are broken down by the NETBLT layer into sequences of DATA packets. As with the buffer size, the DATA packet size is negotiated between the sending and receiving NETBLTs during connection setup. Unlike buffer size, DATA packet size is visible only to the NETBLT layer. All DATA packets save the last packet in a buffer must be the same size. Packets should be as large as possible, since NETBLT's performance is directly related to packet size. At the same time, the packets should not be so large as to cause internetwork fragmentation, since this normally causes performance degradation. All buffers save the last buffer must be the same size; the last buffer can be any size required to complete the transfer. Since the receiving NETBLT does not know the transfer size in advance, it needs some way of identifying the last packet in each buffer. For this reason, the last packet of every buffer is not a DATA packet but rather an LDATA packet. DATA and LDATA packets are identical save for the packet type. 4. Flow Control NETBLT uses two strategies for flow control, one internal and one at the client level. The sending and receiving NETBLTs transmit data in buffers; client flow control is therefore at a buffer level. Before a buffer can be Clark, Lambert, & Zhang [Page 3] RFC 998 March 1987 transmitted, NETBLT confirms that both clients have set up matching buffers, that one is ready to send data, and that the other is ready to receive data. Either client can therefore control the flow of data by not providing a new buffer. Clients cannot stop a buffer transfer once it is in progress. Since buffers can be quite large, there has to be another method for flow control that is used during a buffer transfer. The NETBLT layer provides this form of flow control. There are several flow control problems that could arise while a buffer is being transmitted. If the sending NETBLT is transferring data faster than the receiving NETBLT can process it, the receiver's ability to buffer unprocessed packets could be overflowed, causing packet loss. Similarly, a slow gateway or intermediate network could cause packets to collect and overflow network packet buffer space. Packets will then be lost within the network. This problem is particularly acute for NETBLT because NETBLT buffers will generally be quite large, and therefore composed of many packets. A traditional solution to packet flow control is a window system, in which the sending end is permitted to send only a certain number of packets at a time. Unfortunately, flow control using windows tends to result in low throughput. Windows must be kept small in order to avoid overflowing hosts and gateways, and cannot easily be updated, since an end-to-end exchange is required for each window change. To permit high throughput over a variety of networks and gateways, NETBLT uses a novel flow control method: rate control. The transmission rate is negotiated by the sending and receiving NETBLTs during connection setup and after each buffer transmission. The sender uses timers, rather than messages from the receiver, to maintain the negotiated rate. In its simplest form, rate control specifies a minimum time period per packet transmission. This can cause performance problems for several reasons. First, the transmission time for a single packet is very small, frequently smaller than the granularity of the timing mechanism. Also, the overhead required to maintain timing mechanisms on a per packet basis is relatively high and lowers performance. The solution is to control the transmission rate of groups of packets, rather than single packets. The sender transmits a burst of packets over a negotiated time interval, then sends another burst. In this way, the overhead decreases by a factor of the burst size, and the per-burst transmission time is long enough that timing mechanisms will work properly. NETBLT's rate control therefore has two parts, a burst size and a burst rate, with (burst size)/(burst rate) equal to the average transmission time per packet. Clark, Lambert, & Zhang [Page 4] RFC 998 March 1987 The burst size and burst rate should be based not only on the packet transmission and processing speed which each end can handle, but also on the capacities of any intermediate gateways or networks. Following are some intuitive values for packet size, buffer size, burst size, and burst rate. Packet sizes can be as small as 128 bytes. Performance with packets this small is almost always bad, because of the high per-packet processing overhead. Even the default Internet Protocol packet size of 576 bytes is barely big enough for adequate performance. Most networks do not support packet sizes much larger than one or two thousand bytes, and packets of this size can also get fragmented when traveling over intermediate networks, lowering performance. The size of a NETBLT buffer is limited only by the amount of memory available to a client. Theoretically, buffers of 100 Kbytes or more are possible. This would mean the transmission of 50 to 100 packets per buffer. The burst size and burst rate are obviously very machine dependent. There is a certain amount of transmission overhead in the sending and receiving machines associated with maintaining timers and scheduling processes. This overhead can be minimized by sending packets in large bursts. There are also limitations imposed on the burst size by the number of available packet buffers in the operating system kernel. On most modern operating systems, a burst size of between five and ten packets should reduce the overhead to an acceptable level. A preliminary NETBLT implementation for the IBM PC/AT sends packets in bursts of five. It could send more, but is limited by the available memory. The burst rate is in part determined by the granularity of the sender's timing mechanism, and in part by the processing speed of the receiver and any intermediate gateways. It is also directly related to the burst size. Burst rates from 20 to 45 milliseconds per 5- packet burst have been tried on the IBM PC/AT and Symbolics 3600 NETBLT implementations with good results within a single local-area network. This value clearly depends on the network bandwidth and packet buffering available. All NETBLT flow control parameters (packet size, buffer size, burst size, and burst rate) are negotiated during connection setup. The negotiation process is the same for all parameters. The client initiating the connection (the active end) proposes and sends a set of values for each parameter in its connection request. The other client (the passive end) compares these values with the highest- performance values it can support. The passive end can then modify any of the parameters, but only by making them more restrictive. The modified parameters are then sent back to the active end in its response message. Clark, Lambert, & Zhang [Page 5] RFC 998 March 1987 The burst size and burst rate can also be re-negotiated after each buffer transmission to adjust the transfer rate according to the performance observed from transferring the previous buffer. The receiving end sends burst size and burst rate values in its OK messages (described later). The sender compares these values with the values it can support. Again, it may then modify any of the parameters, but only by making them more restrictive. The modified parameters are then communicated to the receiver in a NULL-ACK packet, described later. Obviously each of the parameters depend on many factors -- gateway and host processing speeds, available memory, timer granularity -- some of which cannot be checked by either client. Each client must therefore try to make as best a guess as it can, tuning for performance on subsequent transfers. 5. The NETBLT Transfer Model Each NETBLT transfer has three stages, connection setup, data transfer, and connection close. The stages are described in detail below, along with methods for insuring that each stage completes reliably. 5.1. Connection Setup A NETBLT connection is set up by an exchange of two packets between the active NETBLT and the passive NETBLT. Note that either NETBLT can send or receive data; the words "active" and "passive" are only used to differentiate the end making the connection request from the end responding to the connection request. The active end sends an OPEN packet; the passive end acknowledges the OPEN packet in one of two ways. It can either send a REFUSED packet, indicating that the connection cannot be completed for some reason, or it can complete the connection setup by sending a RESPONSE packet. At this point the transfer can begin. As discussed in the previous section, the OPEN and RESPONSE packets are used to negotiate flow control parameters. Other parameters used in the data transfer are also negotiated. These parameters are (1) the maximum number of buffers that can be sending at any one time, and (2) whether or not DATA packet data will be checksummed. NETBLT automatically checksums all non-DATA/LDATA packets. If the negotiated checksum flag is set to TRUE (1), both the header and the data of a DATA/LDATA packet are checksummed; if set to FALSE (0), only the header is checksummed. The checksum value is the bitwise negation of the ones-complement sum of the 16-bit words being checksummed. Finally, each end transmits its death-timeout value in seconds in either the OPEN or the RESPONSE packet. The death-timeout value will be used to determine the frequency with which to send KEEPALIVE Clark, Lambert, & Zhang [Page 6] RFC 998 March 1987 packets during idle periods of an opened connection (death timers and KEEPALIVE packets are described in the following section). The active end specifies a passive client through a client-specific "well-known" 16 bit port number on which the passive end listens. The active end identifies itself through a 32 bit Internet address and a unique 16 bit port number. In order to allow the active and passive ends to communicate miscellaneous useful information, an unstructured, variable-length field is provided in OPEN and RESPONSE packets for any client- specific information that may be required. In addition, a "reason for refusal" field is provided in REFUSED packets. Recovery for lost OPEN and RESPONSE packets is provided by the use of timers. The active end sets a timer when it sends an OPEN packet. When the timer expires, another OPEN packet is sent, until some predetermined maximum number of OPEN packets have been sent. The timer is cleared upon receipt of a RESPONSE packet. To prevent duplication of OPEN and RESPONSE packets, the OPEN packet contains a 32 bit connection unique ID that must be returned in the RESPONSE packet. This prevents the initiator from confusing the response to the current request with the response to an earlier connection request (there can only be one connection between any two ports). Any OPEN or RESPONSE packet with a destination port matching that of an open connection has its unique ID checked. If the unique ID of the packet matches the unique ID of the connection, then the packet type is checked. If it is a RESPONSE packet, it is treated as a duplicate and ignored. If it is an OPEN packet, the passive NETBLT sends another RESPONSE (assuming that a previous RESPONSE packet was sent and lost, causing the initiating NETBLT to retransmit its OPEN packet). A non-matching unique ID must be treated as an attempt to open a second connection between the same port pair and is rejected by sending an ABORT message. 5.2. Data Transfer The simplest model of data transfer proceeds as follows. The sending client sets up a buffer full of data. The receiving NETBLT sends a GO message inside a CONTROL packet to the sender, signifying that it too has set up a buffer and is ready to receive data. Once the GO message is received, the sender transmits the buffer as a series of DATA packets followed by an LDATA packet. When the last packet in the buffer has been received, the receiver sends a RESEND message inside a CONTROL packet containing a list of packets that were not received. The sender resends these packets. This process continues until there are no missing packets. At that time the receiver sends an OK message inside a CONTROL packet, sets up another buffer to receive data, and sends another GO message. The sender, having received the OK message, sets up another buffer, waits for the GO Clark, Lambert, & Zhang [Page 7] RFC 998 March 1987 message, and repeats the process. The above data transfer model is effectively a lock-step protocol, and causes time to be wasted while the sending NETBLT waits for permission to send a new buffer. A more efficient transfer model uses multiple buffering to increase performance. Multiple buffering is a technique in which the sender and receiver allocate and transmit buffers in a manner that allows error recovery or successful transmission confirmation of previous buffers to be concurrent with transmission of the current buffer. During the connection setup phase, one of the negotiated parameters is the number of concurrent buffers permitted during the transfer. If there is more than one buffer available, transfer of the next buffer may start right after the current buffer finishes. This is illustrated in the following example: Assume two buffers A and B in a multiple-buffer transfer, with A preceding B. When A has been transferred and the sending NETBLT is waiting for either an OK or a RESEND message for it, the sending NETBLT can start sending B immediately, keeping data flowing at a stable rate. If the receiver of data sends an OK for A, all is well; if it receives a RESEND, the missing packets specified in the RESEND message are retransmitted. In the multiple-buffer transfer model, all packets to be sent are re-ordered by buffer number (lowest number first), with the transfer rate specified by the burst size and burst rate. Since buffer numbers increase monotonically, packets from an earlier buffer will always precede packets from a later buffer. Having several buffers transmitting concurrently is actually not that much more complicated than transmitting a single buffer at a time. The key is to visualize each buffer as a finite state machine; several buffers are merely a group of finite state machines, each in one of several states. The transfer process consists of moving buffers through various states until the entire transmission has completed. There are several obvious flaws in the data transfer model as described above. First, what if the GO, OK, or RESEND messages are lost? The sender cannot act on a packet it has not received, so the protocol will hang. Second, if an LDATA packet is lost, how does the receiver know when the buffer has been transmitted? Solutions for each of these problems are presented below. 5.2.1. Recovering from Lost Control Messages NETBLT solves the problem of lost OK, GO, and RESEND messages in two ways. First, it makes use of a control timer. The receiver can send one or more control messages (OK, GO, or RESEND) within a single Clark, Lambert, & Zhang [Page 8] RFC 998 March 1987 CONTROL packet. Whenever the receiver sends a control packet, it sets a control timer. This timer is either "reset" (set again) or "cleared" (deactivated), under the following conditions: When the control timer expires, the receiving NETBLT resends the control packet and resets the timer. The receiving NETBLT continues to resend control packets in response to control timer's expiration until either the control timer is cleared or the receiving NETBLT's death timer (described later) expires (at which time it shuts down the connection). Each control message includes a sequence number which starts at one and increases by one for each control message sent. The sending NETBLT checks the sequence number of every incoming control message against all other sequence numbers it has received. It stores the highest sequence number below which all other received sequence numbers are consecutive (in following paragraphs this is called the high-acknowledged-sequence-number) and returns this number in every packet flowing back to the receiver. The receiver is permitted to clear its control timer when it receives a packet from the sender with a high-acknowledged-sequence-number greater than or equal to the highest sequence number in the control packet just sent. Ideally, a NETBLT implementation should be able to cope with out-of- sequence control messages, perhaps collecting them for later processing, or even processing them immediately. If an incoming control message "fills" a "hole" in a group of message sequence numbers, the implementation could even be clever enough to detect this and adjust its outgoing sequence value accordingly. The sending NETBLT, upon receiving a CONTROL packet, should act on the packet as quickly as possible. It either sets up a new buffer (upon receipt of an OK message for a previous buffer), marks data for resending (upon receipt of a RESEND message), or prepares a buffer for sending (upon receipt of a GO message). If the sending NETBLT is not in a position to send data, it should send a NULL-ACK packet, which contains its high-acknowledged-sequence-number (this permits the receiving NETBLT to acknowledge any outstanding control messages), and wait until it can send more data. In all of these cases, the system overhead for a response to the incoming control message should be small and relatively constant. The small amount of message-processing overhead allows accurate control timers to be set for all types of control messages with a single, simple algorithm -- the network round-trip transit time, plus a variance factor. This is more efficient than schemes used by other protocols, where timer value calculation has been a problem because the processing time for a particular packet can vary greatly depending on the packet type. Control timer value estimation is extremely important in a high- Clark, Lambert, & Zhang [Page 9] RFC 998 March 1987 performance protocol like NETBLT. A long control timer causes the receiving NETBLT to wait for long periods of time before retransmitting unacknowledged messages. A short control timer value causes the sending NETBLT to receive many duplicate control messages (which it can reject, but which takes time). In addition to the use of control timers, NETBLT reduces lost control messages by using a single long-lived control packet; the packet is treated like a FIFO queue, with new control messages added on at the end and acknowledged control messages removed from the front. The implementation places control messages in the control packet and transmits the entire control packet, consisting of any unacknowledged control messages plus new messages just added. The entire control packet is also transmitted whenever the control timer expires. Since control packet transmissions are fairly frequent, unacknowledged messages may be transmitted several times before they are finally acknowledged. This redundant transmission of control messages provides automatic recovery for most control message losses over a noisy channel. This scheme places some burdens on the receiver of the control messages. It must be able to quickly reject duplicate control messages, since a given message may be retransmitted several times before its acknowledgement is received and it is removed from the control packet. Typically this is fairly easy to do; the sender of data merely throws away any control messages with sequence numbers lower than its high-acknowledged-sequence-number. Another problem with this scheme is that the control packet may become larger than the maximum allowable packet size if too many control messages are placed into it. This has not been a problem in the current NETBLT implementations: a typical control packet size is 1000 bytes; RESEND control messages average about 20 bytes in length, GO messages are 8 bytes long, and OK messages are 16 bytes long. This allows 50-80 control messages to be placed in the control packet, more than enough for reasonable transfers. Other implementations can provide for multiple control packets if a single control packet may not be sufficient. The control timer value must be carefully estimated. It can have as its initial value an arbitrary number. Subsequent control packets should have their timer values based on the network round-trip transit time (i.e. the time between sending the control packet and receiving the acknowledgment of all messages in the control packet) plus a variance factor. The timer value should be continually updated, based on a smoothed average of collected round-trip transit times. Clark, Lambert, & Zhang [Page 10] RFC 998 March 1987 5.2.2. Recovering from Lost LDATA Packets NETBLT solves the problem of LDATA packet loss by using a data timer for each buffer at the receiving end. The simplest data timer model has a data timer set when a buffer is ready to be received; if the data timer expires, the receiving NETBLT assumes a lost LDATA packet and sends a RESEND message requesting all missing DATA packets in the buffer. When all packets have been received, the timer is cleared. Data timer values are not based on network round-trip transit time; instead they are based on the amount of time taken to transfer a buffer (as determined by the number of DATA packet bursts in the buffer times the burst rate) plus a variance factor <1>. Obviously an accurate estimation of the data timer value is very important. A short data timer value causes the receiving NETBLT to send unnecessary RESEND packets. This causes serious performance degradation since the sending NETBLT has to stop what it is doing and resend a number of DATA packets. Data timer setting and clearing turns out to be fairly complicated, particularly in a multiple-buffering transfer model. In understanding how and when data timers are set and cleared, it is helpful to visualize each buffer as a finite-state machine and take a look at the various states. The state sequence for a sending buffer is simple. When a GO message for the buffer is received, the buffer is created, filled with data, and placed in a SENDING state. When an OK for that buffer has been received, it goes into a SENT state and is disposed of. The state sequence for a receiving buffer is a little more complicated. Assume existence of a buffer A. When a control message for A is sent, the buffer moves into state ACK-WAIT (it is waiting for acknowledgement of the control message). As soon as the control message has been acknowledged, buffer A moves from the ACK-WAIT state into the ACKED state (it is now waiting for DATA packets to arrive). At this point, A's data timer is set and the control message removed from the control packet. Estimation of the data timer value at this point is quite difficult. In a multiple-buffer transfer model, the receiving NETBLT can send several GO messages at once. A single DATA packet from the sending NETBLT could acknowledge all the GO messages, causing several buffers to start up data timers. Clearly each of the data timers must be set in a manner that takes into account each buffer's place in the order of transmission. Packets for a buffer A - 1 will always be transmitted before packets in A, so A's data timer must take into account the arrival of all of A - 1's DATA packets as well as arrival of its own DATA packets. This means that the timer values become increasingly less accurate for higher-numbered buffers. Because this data timer Clark, Lambert, & Zhang [Page 11] RFC 998 March 1987 value can be quite inaccurate, it is called a "loose" data timer. The loose data timer value is recalculated later (using the same algorithm, but with updated information), giving a "tight" timer, as described below. When the first DATA packet for A arrives, A moves from the ACKED state to the RECEIVING state and its data timer is set to a new "tight" value. The tight timer value is calculated in the same manner as the loose timer, but it is more accurate since we have moved forward in time and those buffers numbered lower than A have presumably been dealt with (or their packets would have arrived before A's), leaving fewer packets to arrive between the setting of the data timer and the arrival of the last DATA packet in A. The receiving NETBLT also sets the tight data timers of any buffers numbered lower than A that are also in the ACKED state. This is done as an optimization: we know that buffers are processed in order, lowest number first. If a buffer B numbered lower than A is in the ACKED state, its DATA packets should arrive before A's. Since A's have arrived first, B's must have gotten lost. Since B's loose data timer has not expired (it would then have sent a RESEND message and be in the ACK-WAIT state), we set the tight timer, allowing the missing packets to be detected earlier. An immediate RESEND is not sent because it is possible that A's packet was re-ordered before B's by the network, and that B's packets may arrive shortly. When all DATA packets for A have been received, it moves from the RECEIVING state to the RECEIVED state and is disposed of. Had any packets been missing, A's data timer would have expired and A would have moved into the ACK-WAIT state after sending a RESEND message. The state progression would then move as in the above example. The control and data timer system can be summarized as follows: normally, the receiving NETBLT is working under one of two types of timers, a control timer or a data timer. There is one data timer per buffer transmission and one control timer per control packet. The data timer is active while its buffer is in either the ACKED (loose data timer value is used) or the RECEIVING (tight data timer value is used) states; a control timer is active whenever the receiving NETBLT has any unacknowledged control messages in its control packet. 5.2.3. Death Timers and Keepalive Packets The above system still leaves a few problems. If the sending NETBLT is not ready to send, it sends a single NULL-ACK packet to clear any outstanding control timers at the receiving end. After this the receiver will wait. The sending NETBLT could die and the receiver, with its control timer cleared, would hang. Also, the above system puts timers only on the receiving NETBLT. The sending NETBLT has no timers; if the receiving NETBLT dies, the sending NETBLT will hang while waiting for control messages to arrive. Clark, Lambert, & Zhang [Page 12] RFC 998 March 1987 The solution to the above two problems is the use of a death timer and a keepalive packet for both the sending and receiving NETBLTs. As soon as the connection is opened, each end sets a death timer; this timer is reset every time a packet is received. When a NETBLT's death timer expires, it can assume the other end has died and can close the connection. It is possible that the sending or receiving NETBLTs will have to wait for long periods while their respective clients get buffer space and load their buffers with data. Since a NETBLT waiting for buffer space is in a perfectly valid state, the protocol must have some method for preventing the other end's death timer from expiring. The solution is to use a KEEPALIVE packet, which is sent repeatedly at fixed intervals when a NETBLT cannot send other packets. Since the death timer is reset whenever a packet is received, it will never expire as long as the other end sends packets. The frequency with which KEEPALIVE packets are transmitted is computed as follows: At connection startup, each NETBLT chooses a death-timer value and sends it to the other end in either the OPEN or the RESPONSE packet. The other end takes the death-timeout value and uses it to compute a frequency with which to send KEEPALIVE packets. The KEEPALIVE frequency should be high enough that several KEEPALIVE packets can be lost before the other end's death timer expires (e.g. death timer value divided by four). The death timer value is relatively easy to estimate. Since it is continually reset, it need not be based on the transfer size. Instead, it should be based at least in part on the type of application using NETBLT. User applications should have smaller death timeout values to avoid forcing humans to wait long periods of time for a death timeout to occur. Machine applications can have longer timeout values. 5.3. Closing the Connection There are three ways to close a connection: a connection close, a "quit", or an "abort". 5.3.1. Successful Transfer After a successful data transfer, NETBLT closes the connection. When the sender is transmitting the last buffer of data, it sets a "last- buffer" flag on every DATA packet in the buffer. This means that no NEW data will be transmitted. The receiver knows the transfer has completed successfully when all of the following are true: (1) it has received DATA packets with a "last-buffer" flag set, (2) all its control messages have been acknowledged, and (3) it has no outstanding buffers with missing packets. At that point, the receiver is permitted to close its half of the connection. The sender knows the transfer has completed when the following are true: Clark, Lambert, & Zhang [Page 13] RFC 998 March 1987 (1) it has transmitted DATA packets with a "last-buffer" flag set and (2) it has received OK messages for all its buffers. At that point, it "dallies" for a predetermined period of time before closing its half of the connection. If the NULL-ACK packet acknowledging the receiver's last OK message was lost, the receiver has time to retransmit the OK message, receive a new NULL-ACK, and recognize a successful transfer. The dally timer value MUST be based on the receiver's control timer value; it must be long enough to allow the receiver's control timer to expire so that the OK message can be re- sent. For this reason, all OK messages contain (in addition to new burst size and burst rate values), the receiver's current control timer value in milliseconds. The sender uses this value to compute its dally timer value. Since the dally timer value may be quite large, the receiving NETBLT is permitted to "short-circuit" the sending NETBLT's dally timer by transmitting a DONE packet. The DONE packet is transmitted when the receiver knows the transfer has been successfully completed. When the sender receives a DONE packet, it is allowed to clear its dally timer and close its half of the connection immediately. The DONE packet is not reliably transmitted, since failure to receive it only means that the sending NETBLT will take longer time to close its half of the connection (as it waits for its dally timer to clear) 5.3.2. Client QUIT During a NETBLT transfer, one client may send a QUIT packet to the other if it thinks that the other client is malfunctioning. Since the QUIT occurs at a client level, the QUIT transmission can only occur between buffer transmissions. The NETBLT receiving the QUIT packet can take no action other than immediately notifying its client and transmitting a QUITACK packet. The QUIT sender must time out and retransmit until a QUITACK has been received or its death timer expires. The sender of the QUITACK dallies before quitting, so that it can respond to a retransmitted QUIT. 5.3.3. NETBLT ABORT An ABORT takes place when a NETBLT layer thinks that it or its opposite is malfunctioning. Since the ABORT originates in the NETBLT layer, it can be sent at any time. The ABORT implies that the NETBLT layer is malfunctioning, so no transmit reliability is expected, and the sender can immediately close it connection. 6. Protocol Layering Structure NETBLT is implemented directly on top of the Internet Protocol (IP). It has been assigned an official protocol number of 30 (decimal). Clark, Lambert, & Zhang [Page 14] RFC 998 March 1987 7. Planned Enhancements As currently specified, NETBLT has no algorithm for determining its rate-control parameters (burst rate, burst size, etc.). In initial performance testing, these parameters have been set by the person performing the test. We are now exploring ways to have NETBLT set and adjust its rate-control parameters automatically. 8. Packet Formats NETBLT packets are divided into three categories, all of which share a common packet header. First, there are those packets that travel only from data sender to receiver; these contain the high- acknowledged-sequence-numbers which the receiver uses for control message transmission reliability. These packets are the NULL-ACK, DATA, and LDATA packets. Second, there is a packet that travels only from receiver to sender. This is the CONTROL packet; each CONTROL packet can contain an arbitrary number of control messages (GO, OK, or RESEND), each with its own sequence number. Finally, there are those packets which either have special ways of insuring reliability, or are not reliably transmitted. These are the OPEN, RESPONSE, REFUSED, QUIT, QUITACK, DONE, KEEPALIVE, and ABORT packets. Of these, all save the DONE packet can be sent by both sending and receiving NETBLTs. All packets are "longword-aligned", i.e. all packets are a multiple of 4 bytes in length and all 4-byte fields start on a longword boundary. All arbitrary-length string fields are terminated with at least one null byte, with extra null bytes added at the end to create a field that is a multiple of 4 bytes long. Clark, Lambert, & Zhang [Page 15] RFC 998 March 1987 Packet Formats for NETBLT OPEN (type 0) and RESPONSE (type 1): 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Checksum | Version | Type | +---------------+---------------+---------------+---------------+ | Length | Local Port | +---------------+---------------+---------------+---------------+ | Foreign Port | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ | Connection Unique ID | +---------------+---------------+---------------+---------------+ | Buffer Size | +---------------+---------------+---------------+---------------+ | Transfer Size | +---------------+---------------+---------------+---------------+ | DATA packet size | Burst Size | +---------------+---------------+---------------+---------------+ | Burst Rate | Death Timer Value | +---------------+---------------+---------------+---------------+ | Reserved (MBZ) |C|M| Maximum # Outstanding Buffers | +---------------+---------------+---------------+---------------+ | Client String ... +---------------+---------------+--------------- Longword Alignment Padding | ---------------+-------------------------------+ Checksum: packet checksum (algorithm is described in the section "Connection Setup") Version: the NETBLT protocol version number Type: the NETBLT packet type number (OPEN = 0, RESPONSE = 1, etc.) Length: the total length (NETBLT header plus data, if present) of the NETBLT packet in bytes Local Port: the local NETBLT's 16-bit port number Foreign Port: the foreign NETBLT's 16-bit port number Connection UID: the 32 bit connection UID specified in the section "Connection Setup". Buffer size: the size in bytes of each NETBLT buffer (save the last) Clark, Lambert, & Zhang [Page 16] RFC 998 March 1987 Transfer size: (optional) the size in bytes of the transfer. This is for client information only; the receiving NETBLT should NOT make use of it. Data packet size: length of each DATA packet in bytes Burst Size: Number of DATA packets in a burst Burst Rate: Transmit time in milliseconds of a single burst Death timer: Packet sender's death timer value in seconds "M": the transfer mode (0 = READ, 1 = WRITE) "C": the DATA packet data checksum flag (0 = do not checksum DATA packet data, 1 = do) Maximum Outstanding Buffers: maximum number of buffers that can be transferred before waiting for an OK message from the receiving NETBLT. Client string: an arbitrary, null-terminated, longword-aligned string for use by NETBLT clients. KEEPALIVE (type 2), QUITACK (type 4), and DONE (type 11) 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Checksum | Version | Type | +---------------+---------------+---------------+---------------+ | Length | Local Port | +---------------+---------------+---------------+---------------+ | Foreign Port | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ Clark, Lambert, & Zhang [Page 17] RFC 998 March 1987 QUIT (type 3), ABORT (type 5), and REFUSED (type 10) 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Checksum | Version | Type | +---------------+---------------+---------------+---------------+ | Length | Local Port | +---------------+---------------+---------------+---------------+ | Foreign Port | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ | Reason for QUIT/ABORT/REFUSE... +---------------+---------------+--------------- Longword Alignment Padding | ---------------+-------------------------------+ DATA (type 6) and LDATA (type 7): 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Checksum | Version | Type | +---------------+---------------+---------------+---------------+ | Length | Local Port | +---------------+---------------+---------------+---------------+ | Foreign Port | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ | Buffer Number | +---------------+---------------+---------------+---------------+ | High Consecutive Seq Num Rcvd | Packet Number | +---------------+---------------+---------------+---------------+ | Data Area Checksum Value | Reserved (MBZ) |L| +---------------+---------------+---------------+---------------+ Buffer number: a 32 bit unique number assigned to every buffer. Numbers are monotonically increasing. High Consecutive Sequence Number Received: Highest control message sequence number below which all sequence numbers received are consecutive. Packet number: monotonically increasing DATA packet identifier Data Area Checksum Value: Checksum of the DATA packet's data. Algorithm used is the same as that used to compute checksums of other NETBLT packets. "L" is a flag set when the buffer that this DATA packet belongs to is the last buffer in the transfer. Clark, Lambert, & Zhang [Page 18] RFC 998 March 1987 NULL-ACK (type 8) 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Checksum | Version | Type | +---------------+---------------+---------------+---------------+ | Length | Local Port | +---------------+---------------+---------------+---------------+ | Foreign Port | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ | High Consecutive Seq Num Rcvd | New Burst Size | +---------------+---------------+---------------+---------------+ | New Burst Rate | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ High Consecutive Sequence Number Received: same as in DATA/LDATA packet New Burst Size: Burst size as negotiated from value given by receiving NETBLT in OK message New burst rate: Burst rate as negotiated from value given by receiving NETBLT in OK message. Value is in milliseconds. CONTROL (type 9): 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Checksum | Version | Type | +---------------+---------------+---------------+---------------+ | Length | Local Port | +---------------+---------------+---------------+---------------+ | Foreign Port | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ Followed by any number of messages, each of which is longword aligned, with the following formats: GO message (type 0): 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Type | Word Padding | Sequence Number | +---------------+---------------+---------------+---------------+ | Buffer Number | +---------------+---------------+---------------+---------------+ Type: message type (GO = 0, OK = 1, RESEND = 2) Clark, Lambert, & Zhang [Page 19] RFC 998 March 1987 Sequence number: A 16 bit unique message number. Sequence numbers must be monotonically increasing, starting from 1. Buffer number: as in DATA/LDATA packet OK message (type 1): 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Type | Word Padding | Sequence Number | +---------------+---------------+---------------+---------------+ | Buffer Number | +---------------+---------------+---------------+---------------+ | New Offered Burst Size | New Offered Burst Rate | +---------------+---------------+---------------+---------------+ | Current control timer value | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ New offered burst size: burst size for subsequent buffer transfers, possibly based on performance information for previous buffer transfers. New offered burst rate: burst rate for subsequent buffer transfers, possibly based on performance information for previous buffer transfers. Rate is in milliseconds. Current control timer value: Receiving NETBLT's control timer value in milliseconds. RESEND Message (type 2): 1 2 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +---------------+---------------+---------------+---------------+ | Type | Word Padding | Sequence Number | +---------------+---------------+---------------+---------------+ | Buffer Number | +---------------+---------------+---------------+---------------+ | Number of Missing Packets | Longword Alignment Padding | +---------------+---------------+---------------+---------------+ | Packet Number (2 bytes) ... +---------------+---------------+---------- | Padding (if necessary) | -----------+---------------+---------------+ Packet number: the 16 bit data packet identifier found in each DATA packet. Clark, Lambert, & Zhang [Page 20] RFC 998 March 1987 NOTES: <1> When the buffer size is large, the variances in the round trip delays of many packets may cancel each other out; this means the variance value need not be very big. This expectation will be explored in further testing. Clark, Lambert, & Zhang [Page 21]